Wind River Support Network

HomeDefectsLIN1021-5489
Fixed

LIN1021-5489 : Security Advisory - qemu - CVE-2023-1544

Created: Mar 21, 2023    Updated: Jul 3, 2023
Resolved Date: Jul 3, 2023
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.

https://nvd.nist.gov/vuln/detail/CVE-2023-1544
Live chat
Online